Default security on o365 must be disabled
You need to exclude the user from self-service password reset service.
You need to enable smtp authentication
The device must support TSL (version 1.2 for now) if device is not supported, you can enable legacy TSL on power-shell with global admin credentials.
